Symantec Endpoint Protection has quite a hold on the Anti-Virus market share. Many have environments where it’s used, and may not be the administrators or even able to view data from the Symantec Endpoint Protection Manager. In light of that, I’ve written a PowerShell script to check the last update time for SEP definitions that can either be run manually or set as a scheduled task.

# Check if Symantec Endpoint Protection is installed. If not, exit.

#Check last write date of AV definitions and compare to a variable set for time – 7 days.

# Write to the event log whether definitions are current or not

#Send email if definitions are out of date

*Things to Note*

As it stands, in each of the “if ($writetime” blocks there is a “write-host”. If you plan on running this as a scheduled task you’ll want to remove or comment out those lines.

I will also be writing this as a SCOM management pack, and an SCCM Compliance Item.

Hi, thanks very much for making this script available. I’m following up on a comment made in this post “•I will also be writing this as a SCOM management pack”. Did you ever create that SCOM management pack?

That would actually be pretty easy. All you would have to do is take out the “#Email Notify” section, and use the rest of the script as a powershell discovery script in an SCCM compliance item. For your compliance rule you would just use a string and say must equal “no”. Since in the way it’s written “no” equals do not notify. You could change the write-host at the end of those blocks to make it easier to understand if you wanted. Otherwise, that should work out fine.